Last updated: 27 August 2018

Introduction

WeChat Pay Europe B.V. (“we”, “our”, “us”) is committed to protecting and respecting your privacy. We are a company established in the Netherlands with registered address at 26.04 on the 26th Floor of Amstelplein 54, 1096 BC Amsterdam, and for the purpose of the General Data Protection Regulation (the “GDPR”), we are the data controller.

Note:This policy only applies to users who have WeChat Pay functionality who ordinarily reside in the European Union. In order to have this functionality, you must have a bank account in China and have entered into the WeChat Payment User Service Agreement. In order to use this functionality in the European Union, you must have entered into the supplementary European WeChat Payment Addendum. If you do not ordinarily reside in the European Union, please refer to our standard privacy policy here.

This policy sets out the basis on which we will process any personal data or usage information we collect from you, or that you provide to us, in connection with your use WeChat Pay, the fund transfer service administered by us and provided by Tenpay for the recipient and payer via the WeChat application and the WeChat public platform (“WeChat Pay” or the “Service”). Please read this policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. If you do not agree with this Privacy Policy in general or any part of it, you should not use the Service.

What types of information do we collect and how do we use it?

• Information from Tenpay. If you choose to use this Service, you must have a Tenpay account. We therefore receive information from Tenpay in order to set up your account for the Service. This information includes your name, identity certificate number, WeChat ID, openid, phone number tied to the WeChat ID, profile photo, nickname, frequent login location, WeChat ID registration location as well as mobile telephone numbers, bank card numbers and expiration dates and certain identification information so that we can register your payment account, tie your bank information that that account, in order to enable you to use the Service.
• Customer service information. You may provide information by contacting us via our Service or email, telephone, instant chat, social media or otherwise or by signing up for our newsletters or alerts.
• Biometric data. You may also choose to add certain biometric information - such as fingerprint data and voice data - for payment account security authentication and identification purpose.
• Aggregated and anonymised data. We will use any of the above information to create aggregated and anonymised data, insights and reports for internal business planning purposes and to understand how to improve WeChat Pay Europe for our users.

In order to administer the Service, we are required to comply with certain legal obligations. This means that we will use the information you provide in order to protect you from fraud, and we will monitor certain transactions as required by law and as set out in ourUser Agreement at clause 2.1.4 .

We will use your information in order to provide you with the Service, in accordance with our contract with you. In particular, we need to use your information to ensure that we are able to provide the Services under the contract.

As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organisation, we will use your information to:

• communicate with you;
• sign you up for our newsletters or alerts;
• contact you via telephone, email or WeChat
• identify our users;
• administer and provide services and customer support per your request;
• enforce our terms and conditions;
• if you have opted in to marketing, communicate with you about products, services, promotions, events and other news and information we think will be of interest to you;
• provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information).

Technical usage information. When you use the Service, we automatically collect the information sent to us by your computer, mobile phone, or other access device. This information includes:

• your IP address;
• device information including, but not limited to, identifier, name, and type of operating system;
• mobile network information;
• standard web information, such as your browser type and the content you access on our Service.

As it is in our legitimate interests to process your data to provide effective services and useful content to you we collect this information in order to:

• personalise our Service to ensure content is presented in the most effective manner for you and your device;
• monitor and analyse trends, usage and activity in connection with our Service to improve the Service;
• administer the Service, and for internal operations, in order to conduct troubleshooting, data analysis, testing, research, statistical and survey analysis;
• keep the Service safe and secure;
• measure and understand the effectiveness of the content we serve to you and others.

We receive information from other sources, such as Tenpay (as described above) which is held outside the EU.

How do we share your personal data?

We do not sell, rent or lease your personal information to others except as described in this Privacy Policy. We share your information with selected recipients. These categories of recipients include:

• our group members and affiliates such at Tenpay, located in China, to provide the Service;
• acquiring institutions, banks and payment services providers located in the countries tied to your accounts, to facilitate payments made through WeChat Pay;
• cloud storage provides located in China and which store your personal data in China, to store the personal data you provide and for disaster recovery services, as well as for the performance of any contract we enter into with you; and
• provided you have consented, advertisers and advertising networks located in China and which store your personal data in China that require the data to select and serve relevant adverts to you and others.

We will share your information with law enforcement agencies, public authorities, financial regulators, state banks and financial authorities, or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

• comply with a legal obligation, process or request;
• enforce our terms and conditions and other agreements, including investigation of any potential violation thereof;
• detect, prevent or otherwise address security, fraud or technical issues; or
• protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).

We will also disclose your information to third parties:

• in the event that we sell any business or assets, in which case we will disclose your data to the prospective buyer of such business or assets; or
• if we or substantially all of our assets are acquired by a third party, in which case information held by us about our users will be one of the transferred assets.

Where do we store your personal data?

The information that we collect from you will be transferred to, and stored at/processed in China under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2004/915/EC. Your personal data is also processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff are engaged in, among other things, the processing of your payment details and the provision of support services. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this policy.

The security of your personal data

Unfortunately, the transmission of information via the internet or email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Service or over email; any transmission is at your own risk. Once we have received your information, we will take appropriate technical and organisational measures to safeguard your personal data against loss, theft and unauthorised use, access or modification.

We will, from time to time, host links to and from the websites of our affiliates or third parties. If you follow a link to any of these websites, these websites will have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before you submit any information to those websites.

How long do we store your personal data?

We will retain your customer information and transaction history for six years following the date of deletion of your payment account.

After you have terminated your use of our Service, we will store your information in an aggregated and anonymised format.

Your rights

Users in the European Economic Area have rights in relation to the personal data. Some of these only apply in certain circumstances. We have described these situations below, as well as how you can exercise your rights. To exercise any of your rights, please email wechatpayprivacy@tencent.com.

You have the following rights in relation to your personal data:

• Access: to enquire and access personal information held by WeChat Payand details about how we use it and who we share it with;
• Portability: where we process personal information provided by you and processed by us based on contract or consent, you have the right to receive or ask us to provide your personal data (subject to any applicable law) to a third party in a structured, commonly used and machine-readable format;
• Correction: to correct any personal data held about you that is inaccurate and have incomplete data completed (including by the provision of a supplementary statement). Where you request correction, please explain in detail why you believe the personal data we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal data we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below;
• Erasure: that we erase your personal data in certain circumstances;
• Restriction of Processing to Storage Only: to require us to stop processing the personal data we hold about you other than for storage purposes in certain circumstances.
• Objection: in certain circumstances, the right to restrict or object to our processing of your personal data (e.g. where you request correction or erasure, you also have a right to restrict processing of your applicable data while your request is considered). You also have the right to object to marketing based on profiling;
• Withdrawing Consent: you can withdraw your consent at any time by emailing us at wechatpayprivacy@tencent.com; and
• Complaints: in the event that you wish to make a complaint about how we process your information, please email wechatpayprivacy@tencent.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your local data protection authority.

Changes

Any changes we will make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy.

Contact

Questions, comments and requests regarding this policy are welcomed and should be addressed to wechatpayprivacy@tencent.com.